<?php
/*
===========================================================================

  Copyright (c) 2010-2012 DSPWeb Development Team

  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program.  If not, see http://www.gnu.org/licenses/

  This file is part of DSPWeb source code

===========================================================================
*/

if (ini_get('sessions.auto_start') != 1) {
	session_start();
}
include("sql.php");
include("config.php");
include("functions.php");

$sql = new SQL;
$sql->connect($dbhost,$dbuser,$dbpass,$dbname);

if (!empty($_SESSION['loggedin'])) {	
	header("Location: index.php");
}
else {
	if (!empty($_POST['login'])) {
		if (empty($_POST['username']) || empty($_POST['password'])) {
			$error = "One or more fields missing!";
		}
		else {
			$login = $sql->smartquote($_POST['username']);
			$password = $sql->smartquote($_POST['password']);
			$query = $sql->query("SELECT * FROM accounts WHERE login='$login' AND password=PASSWORD('$password')");
			if ($sql->num_rows($query) < 1) {
				$error = "Invalid username or password combination!";
			}
			else {
				$query = $sql->query("SELECT * FROM accounts_banned WHERE accid='".getAccountID($login)."'");
				if ($sql->num_rows($query) > 0) {
					$error = "This account is banned. Please contact a server administrator for more information.";
				}
				else {
					$_SESSION['loggedin'] = $login;
					$_SESSION['login'] = $login;
					header("Location: index.php");
				}
			}			
		}
	}
	
	$page = "views/login.php";
	include_once("template.php");
	echo $output;
}

$sql->close();
?>